Black Kite Launches ASI to Address Targeted Third-Party Cyber Risk
Black Kite has introduced its Adversary Susceptibility Index (ASI) to assist third-party risk management teams in identifying suppliers most vulnerable to specific threat actors. This innovative solution addresses the escalating challenges faced by security teams amid rising ransomware and targeted cyber threats. The ASI enables organisations to proactively evaluate vendor susceptibility based on the tactics and procedures associated with particular cybercriminal groups. Ferhat Dikbiyik, Chief Research and Intelligence Officer at Black Kite, emphasised the necessity for more targeted intelligence in light of significant cyber threats. He stated that with high-profile threats like Volt Typhoon, Black Basta, and APT29, security teams cannot afford to delay their responses. The ASI empowers organisations to swiftly identify which suppliers may be targeted by specific threat groups, marking a significant shift from passive monitoring to proactive, intelligence-driven action.
The Adversary Susceptibility Index builds on Black Kite’s existing Ransomware Susceptibility Index by directly linking risk exposure to the groups behind ransomware campaigns. The system flags vendors exhibiting vulnerabilities or behaviours aligned with known threat actor tactics, techniques, and procedures (TTPs). Key features include the identification of open Remote Desktop Protocol (RDP) ports, unpatched Common Vulnerabilities and Exposures (CVEs), and evidence of stealer log leaks. Additionally, the ASI provides security teams with indicators to identify third-party organisations that may require immediate outreach and coordinated remediation efforts. This triage-oriented approach enhances resource allocation and sharpens threat response focus. The ASI’s capabilities include Threat Actor Intelligence for Suppliers, Vendor Sorting by Susceptibility, Industry and Geography-Aware Risk, and Proactive Vendor Engagement, offering a new level of precision in third-party risk management.
Categories: Adversary Susceptibility Index, Third-Party Risk Management, Cyber Threat Intelligence
Tags: Adversary Susceptibility Index, Third-Party Risk Management, Cyber Threats, Ransomware, Vulnerabilities, Threat Actor Intelligence, Vendor Engagement, Risk Exposure, Proactive Assessment, Tactics and Procedures